Zero to Zero Knowledge | Password Managers
Understanding Common Threats & How to Secure your Data Online
Since the advent of the internet, passwords have become a primary means of keeping our data safe. However, most users aren’t aware of the importance of a good password, or of how vulnerable they are when they reuse the same password or pick simple ones like “Charlie1234”.
Before we dive in, let’s learn about Brute Force Attacks:
Brute force is one of the oldest methods of hacking. It works through a repetitive process of trial and error with username/password combinations until one of them successfully breaks into a system. The attack is made easier if the hacker has the target's username or access email. This process is now automated by algorithms that generate and try thousands of combinations until access is achieved.
To protect ourselves, creating a strong password is necessary. We must focus on 5 key elements:
1) Length & Character Variety:
Aim for at least 12-16 characters. Longer passwords are exponentially harder to crack. You can use uppercase letters (A-Z), lowercase letters (a-z), numbers (0-9) and incorporate special characters like !@$%&*.
Example: Ucd57AkDp7#upMHW6ao&3QiCb6cnahIE7hIu?K3
2) Avoid Predictability:
Avoid common words or phrases, don't use personal information such as birthdays and names, and stay away from keyboard patterns and sequences like the one mentioned above (“123456”).
3) Use Passphrases:
A combination of unrelated words with numbers and symbols is ideal.
Example: “Cyph3r$@#P4nK@34%”
4) Random Passwords:
Finally, use a password manager or script to create cryptographically strong random passwords like the first example.
⚠️ Never use the same password on more than one website ⚠️
Now that we know what a password manager is and how to create a good password, let’s dive into the top 4 good services that you can use.
It’s important to check documentation before using.
1Password stores passwords, credit card details, notes, and sensitive information in an encrypted “Vault”. It is compatible with several operating systems, including Windows, macOS, Linux, iOS and Android, and also supports browser extensions for Brave, Chrome and others. 1Password also supports having multiple vaults.
Two-Factor Authentication (2FA) codes are also supported, so users don’t need to use products like Google Authenticator, Authy and others.
🔒| Security
1Password uses AES-256 encryption, a highly secure standard. The Zero-knowledge Architecture means 1Password cannot access your stored data: only you have the key.
The Master Password protects your entire vault and is known only to you, and the Secret Key is a device-specific key that adds an additional layer of security when setting up new devices.
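To make the two-secret idea concrete, here is a simplified sketch added for illustration; it is not 1Password's code or its actual key-derivation algorithm. It assumes PBKDF2 and HMAC-SHA256 as building blocks, and the function names, work factor and check tag are hypothetical. The point it shows is that the vault key is derived on the client and that the server-side record is useless without both secrets.

```python
import hashlib
import hmac
import secrets

ROUNDS = 200_000  # assumed PBKDF2 work factor for this sketch


def derive_vault_key(master_password, secret_key, salt):
    """Client side: combine both secrets into one 256-bit key."""
    # Slow, salted stretching of the human-chosen master password.
    stretched = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ROUNDS)
    # Mix in the high-entropy secret key that never leaves the user's devices.
    return hmac.new(secret_key, stretched, hashlib.sha256).digest()


def create_account(master_password):
    """Return (secret key kept on the device, record the server stores)."""
    secret_key = secrets.token_bytes(32)
    salt = secrets.token_bytes(16)
    key = derive_vault_key(master_password, secret_key, salt)
    # The server holds only the salt and a check tag, never the password or keys.
    # A real manager would also use `key` to AES-256 encrypt the vault contents.
    check = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return secret_key, {"salt": salt, "check": check}


def unlock(master_password, secret_key, record):
    """Return the vault key if both secrets are correct, otherwise None."""
    key = derive_vault_key(master_password, secret_key, record["salt"])
    tag = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return key if hmac.compare_digest(tag, record["check"]) else None


if __name__ == "__main__":
    password = "Cyph3r$@#P4nK@34%"  # sample passphrase from earlier in the article
    device_key, server_record = create_account(password)
    print("both secrets:    ", unlock(password, device_key, server_record) is not None)
    print("wrong password:  ", unlock("Charlie1234", device_key, server_record) is not None)
    print("wrong secret key:", unlock(password, secrets.token_bytes(32), server_record) is not None)
```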
🐈| GitHub
Bitwarden is an open-source password manager. Its source code is hosted on GitHub, and everyone is free to review, audit and contribute to the codebase.
The team behind the project maintains source code transparency as an absolute requirement. Their servers contain the APIs, database & other core infrastructure items needed for the backend of all Bitwarden client applications. There is also a browser extension.
The Bitwarden Mobile application is written in C# with Xamarin Android, iOS & Xamarin Forms. There is also a desktop app, written using Electron and Angular, which installs on Windows, macOS, and Linux distributions.
If you prefer CLI, Bitwarden also provides a powerful, full-featured command-line interface tool to access and manage your vault.
🐈| GitHub
Dashlane is a secure and user-friendly password manager designed to simplify users’ online lives while keeping their personal information safe. Not too different from the last one, Dashlane helps the user store, manage and auto-fill passwords, as well as payment information and other sensitive data, across all devices. It uses advanced encryption to ensure that only the user has access to the stored information, as the data is protected by a master password that only the user knows.
In addition to password management, Dashlane offers features like a built-in VPN for private browsing, password health monitoring, dark web monitoring to alert you of potential security breaches, and easy password sharing with trusted contacts. With Dashlane, you can generate strong, unique passwords and save time by not having to remember or type them manually.
It works seamlessly across platforms, including desktop browsers, mobile apps, and web-based access.
Is Dashlane Open-Source & Free? 🤔
No. Dashlane is not fully free or open-source. It offers a free plan with basic features, such as managing passwords for up to 50 accounts on a single device.
Premium plans are available for more advanced features like unlimited password storage, multi-device syncing, dark web monitoring, a built-in VPN, and more.
As for its open-source status, as we said, Dashlane isn’t open source. Its codebase is proprietary, meaning users cannot inspect or modify its source code. While the company emphasizes strong security practices, some users prefer open-source password managers like Bitwarden because their transparency allows for independent audits by the community.
KeePassXC is a password manager which is highly recommended in the privacy community. Unlike the others, it stores your data locally on your device, which makes it a little complex at first. KeePassXC is also very popular, free and open-source, and known for its focus on security, transparency, and local control of the data. It is a cross-platform application that runs on Windows, macOS & Linux. It’s also a community-driven fork of the original KeePass project.
The source code is publicly available, providing transparency and allowing for regular audits by the community. Passwords are stored in an encrypted database (AES-256) on the device, giving the user full control over their data.
There’s no cloud integration by default, ensuring data is not shared unless the user chooses to sync via third-party tools. It also offers browser extensions, advanced features and much more.
So in a nutshell, KeePassXC is ideal for users who really value privacy, independence and full control over their data.
If you’re comfortable with a bit of setup and want maximum security and transparency, KeePassXC is an excellent choice.
🐈| GitHub
💡| Conclusion:
Password managers are incredibly useful for protecting your data. Do your own research before trusting any service; this will help you avoid huge problems in the future. Two-Factor Authentication is also key to increasing your online security & safety, and a good topic to dive into later 🙂
You mentioned dashlane and not Proton Pass? :O